Every CVE whose affected-product data names Yahoo Messenger, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2014-7216 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service…
CVE-2007-4515 — CVSS 9.3 (critical): Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before…
CVE-2007-4391 — CVSS 9.3 (critical): Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service…
CVE-2007-3148 — CVSS 9.3 (critical): Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to…
CVE-2007-3147 — CVSS 9.3 (critical): Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to…
CVE-2007-1680 — CVSS 9.3 (critical): Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger…
CVE-2006-6603 — CVSS 9.3 (critical): Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to…
CVE-2007-3928 — CVSS 7.6 (high): Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address…
CVE-2002-1665 — CVSS 7.5 (high): Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute…
CVE-2004-0043 — CVSS 7.5 (high): Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly…
CVE-2002-0032 — CVSS 7.5 (high): Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a…
CVE-2002-0320 — CVSS 7.5 (high): Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long…
CVE-2005-0737 — CVSS 7.5 (high): Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode.
CVE-2002-0322 — CVSS 7.5 (high): Yahoo! Messenger 4.0 sends user passwords in cleartext, which could allow remote attackers to gain privileges of other users via sniffing.
CVE-2002-1664 — CVSS 6.4 (medium): Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain…
CVE-2007-3638 — CVSS 6.0 (medium): Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute…
CVE-2002-2361 — CVSS 5.8 (medium): The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan…
CVE-2012-0268 — CVSS 5.1 (medium): Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might…
CVE-2007-5017 — CVSS 5.0 (medium): Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows…
CVE-2007-4635 — CVSS 5.0 (medium): Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer…
CVE-2007-0868 — CVSS 5.0 (medium): Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a…
CVE-2006-3298 — CVSS 5.0 (medium): Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII…
CVE-2002-0321 — CVSS 5.0 (medium): Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social…
CVE-2005-1618 — CVSS 5.0 (medium): The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room…
CVE-2006-5563 — CVSS 5.0 (medium): Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL…
CVE-2005-0243 — CVSS 5.0 (medium): Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes…
CVE-2002-0031 — CVSS 4.6 (medium): Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long…
CVE-2005-0242 — CVSS 4.6 (medium): The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing…
CVE-2007-0768 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow…
CVE-2009-4171 — CVSS 4.3 (medium): An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause…
CVE-2006-4975 — CVSS 2.6 (low): Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary…
CVE-2003-1135 — CVSS 2.6 (low): Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile)…
CVE-2005-1671 — CVSS 2.1 (low): The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file…